gellux Posted August 12

Hi, hoping for some serious non-judgmental advice here. I've posted to these forums in particular as I'm unsure where else to go, and it may become clearer the more you read. I'm not great with internet communication protocol/terminology though I try to keep up, but now I need help from some experts. I'll try to write a sort of timeline and detail why I'm concerned, I'm sorry if it becomes uncoordinated or rambling.

A very long time ago, when I first began torrenting on private trackers, I checked the site iknowwhatyoudownload.com to double check if the activity really was private, and for a long time, that list remained blank.

Some months ago, I loaded the website again for the first time in years and there was a list of torrents that I had not downloaded, including porn. I thought it was strange, and googled why that may happen. Some users said the website isn't to be trusted, and others advised extreme caution.

About 2 weeks ago, I checked again, and not only was there TV/Movies that I hadn't downloaded, but porn again as well, but, terrifyingly, CP (or CSAM as it's known now). I became immediately concerned that my network had been hacked, and searched my devices for any of these files listed, but nothing showed. There were downloads every day or two, with one instance of the CP in the list.

I unplugged my router overnight to change the IP address and waited to see if all traffic ceased. For 2 days there was nothing listed, but then 1 porn and 1 CSAM file were listed. I changed IP address again and turned off my unraid tower. That was 5 days ago, and unraid has been off since, and there has been no update to the list. I am concerned that when my tower connects to the internet, it is hijacked somehow for someone else's use. That is where I am.

I'm sure you can understand why I am extremely concerned about this and so, please, could anyone advise me on: my next steps; action to take; advice on believing that website; understanding what may have happened; how to get my tower back.

My thoughts:

- this could have been going on for months and maybe the website isn't correct and police aren't interested
- I used a public tracker once and maybe the IP address was stolen to be used by someone for nefarious means, but not sure how this then crossed to the new IP address
- is my unraid connected to someone's PC somewhere? I don't know how to monitor such traffic on my network
- could simply changing ports on qbt/deluge rectify this
- with no updates since the tower was turned off, I believe the issue is with my unraid tower rather than my network, but how can I be sure?

Thank you.

JonathanM Posted August 13

Do you have any rules in your router opening ports or redirecting traffic to your Unraid tower? DMZ or port forwarding rules?

gellux Posted August 13 (Author)

5 hours ago, JonathanM said:
> Do you have any rules in your router opening ports or redirecting traffic to your Unraid tower? DMZ or port forwarding rules?

Thanks for replying. AFAIK I haven't touched the router other than to reset the IP address. Under Security, there are Firewall rules that are saying to BLOCK inbound traffic and to ALLOW outbound services, under IPV6 Firewall.

Last night I randomly looked in my Spam folder in my email and saw a phishing email threatening action against CP among other things, and presumably a link to "pay the police" else legal action would be taken. This was obviously spam so I forwarded it to 2 gov reporting emails and googled it to see actionfraud.gov.uk had a page about it, too. The date it was sent was the day after the last update to the iknowwhatyoudownload list, which may be coincidence, may not be. Maybe my turning my tower off is just a coincidence in timing.

I also googled haveibeenpwned, to see that a website I purchased from maybe a year ago had been hacked and a list of customer details leaked, including emails and physical addresses. Doesn't say IP address though.

OrneryTaurus Posted August 20

Who is your internet provider? It might be a CGNAT situation.

gellux Posted August 22 (Author)

On 8/20/2024 at 9:11 PM, OrneryTaurus said:
> Who is your internet provider? It might be a CGNAT situation.

Apparently my ISP does not use CGNAT. I have changed IPs multiple times, changed network name and password, and so far there is no activity on that site for my new IP address which is good.

I want to use software to monitor my network going forward but I'm untrusting of what I'm downloading now as it's made me question everything I've done recently. My Malwarebytes was detecting and quarantining FileZilla update files, so I uninstalled and redownloaded it, even though I initially used the legitimate website. I've looked at nmap to monitor the network but unsure whether to trust it. I also wanted to implement things mentioned in this article https://www.techtarget.com/searchsecurity/definition/IP-spoofing but I'm not versed in these things and terminology so just feel out of my depth.

I also want to install a new VPN, but I don't find installation guidance very helpful for that on unraid. People mention that "unraid has wireguard built in" but that doesn't mean much to me. I read about using a gluetun docker and "sending torrent clients through it" which sounds more promising...

Ultimately, I checked my tower before powering it down and couldn't find any evidence that anything malicious had been downloaded to my devices, but I still feel paranoid to power it back up, even just to check. I want to get things in place before starting it up.

Thanks.

OrneryTaurus Posted August 22

FileZilla has 'sponsored' content in the setup executable if you download direct from the main homepage. This 'sponsored' content is flagged by many security products. However, if you download from the 'show more downloads' page, it is sponsored-content free: https://filezilla-project.org/download.php?show_all=1

gellux Posted August 22 (Author)

1 hour ago, OrneryTaurus said:
> FileZilla has 'sponsored' content in the setup executable if you download direct from the main homepage. This 'sponsored' content is flagged by many security products. However, if you download from the 'show more downloads' page, it is sponsored-content free: https://filezilla-project.org/download.php?show_all=1

Yes, that's what I used for the reinstall.